msg_goodpass and msg_badpass conditional
Munroe Sollog
mus3 at lehigh.edu
Fri Sep 30 18:44:42 UTC 2022
I had a desire to log additional information about authentications to help
enrich our logging analysis. The best idea I came up with at the time was
to customize msg_goodpass and msg_badpass in the log{} section of the
radius.conf. This worked as expected, however, now I find myself wanting
to customize these messages based on unlang attributes. Specifically, I
log something like:
msg_goodpass = "AP-location: %{Aruba-Location-Id}, Device:
%{Aruba-Device-Type}, SSID: %{Aruba-Essid-Name}, Group: %{Aruba-AP-Group}”
This makes perfect sense and really helps the support staff to troubleshoot
user issues. However, this log line will also log when a VPN user
successfully authenticates, and as such, makes no sense. Any ideas or
suggestions for a more flexible way of customizing logging data would be
appreciated.
Munroe Sollog (He/Him/His)
Network Architect
munroe at lehigh.edu
More information about the Freeradius-Users
mailing list